Posted to commits@ws.apache.org by co...@apache.org on 2011/01/12 14:59:19 UTC
svn commit: r1058143 - in /webservices/wss4j/trunk/src:
main/java/org/apache/ws/security/saml/
main/java/org/apache/ws/security/saml/ext/builder/
test/java/org/apache/ws/security/common/
test/java/org/apache/ws/security/saml/ test/resources/
Author: coheigea
Date: Wed Jan 12 13:59:18 2011
New Revision: 1058143
URL: http://svn.apache.org/viewvc?rev=1058143&view=rev
Log:
[WSS-146] - Added set of tests for creating and processing unsigned authn, attr and authz SAML1.1 and SAML2 assertions
- Made SAMLIssuer configurable so there is no need for a properties file
- Added test CallbackHandlers for SAML1 and SAML2 assertions.
Added:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1CallbackHandler.java
- copied, changed from r1058087, webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1AuthnSVHandler.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java
Removed:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1AuthnSVHandler.java
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLIssuer.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLIssuerImpl.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1Constants.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2Constants.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SignedSamlTokenTest.java
webservices/wss4j/trunk/src/test/resources/saml_sv.properties
webservices/wss4j/trunk/src/test/resources/saml_sv_noissuer.properties
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLIssuer.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLIssuer.java?rev=1058143&r1=1058142&r2=1058143&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLIssuer.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLIssuer.java Wed Jan 12 13:59:18 2011
@@ -19,6 +19,8 @@
package org.apache.ws.security.saml;
+import javax.security.auth.callback.CallbackHandler;
+
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.saml.ext.AssertionWrapper;
@@ -33,18 +35,90 @@ public interface SAMLIssuer {
/**
* Creates a new <code>AssertionWrapper</code>.
- * <p/>
+ *
* A complete <code>AssertionWrapper</code> is constructed.
*
* @return AssertionWrapper
* @throws WSSecurityException
*/
public AssertionWrapper newAssertion() throws WSSecurityException;
+
+ /**
+ * Set whether to send the key value or whether to include the entire cert.
+ * @param sendKeyValue whether to send the key value.
+ */
+ public void setSendKeyValue(boolean sendKeyValue);
+
+ /**
+ * Get whether to send the key value or whether to include the entire cert.
+ * @return whether to send the key value
+ */
+ public boolean isSendKeyValue();
+
+ /**
+ * Set whether to sign the assertion or not.
+ * @param signAssertion whether to sign the assertion or not.
+ */
+ public void setSignAssertion(boolean signAssertion);
+
+ /**
+ * Get whether to sign the assertion or not
+ * @return whether to sign the assertion or not
+ */
+ public boolean isSignAssertion();
+
+ /**
+ * Set the SAML version
+ * @param version the SAML version
+ */
+ public void setSamlVersion(String version);
+
+ /**
+ * Get the SAML version
+ * @return the SAML version
+ */
+ public String getSamlVersion();
+
+ /**
+ * Set the CallbackHandler to use
+ * @param callbackHandler the CallbackHandler to use
+ */
+ public void setCallbackHandler(CallbackHandler callbackHandler);
+
+ /**
+ * Get the CallbackHandler in use
+ * @return the CallbackHandler in use
+ */
+ public CallbackHandler getCallbackHandler();
+
+ /**
+ * Set the issuer crypto
+ * @param issuerCrypto the issuer crypto
+ */
+ public void setIssuerCrypto(Crypto issuerCrypto);
/**
* @return Returns the issuerCrypto.
*/
public Crypto getIssuerCrypto();
+
+ /**
+ * Set the issuer name
+ * @param issuer the issuer name
+ */
+ public void setIssuerName(String issuer);
+
+ /**
+ * Get the issuer name
+ * @return the issuer name
+ */
+ public String getIssuerName();
+
+ /**
+ * Set the issuer key name
+ * @param issuerKeyName the issuer key name
+ */
+ public void setIssuerKeyName(String issuerKeyName);
/**
* @return Returns the issuerKeyName.
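Review bot: The Javadoc on the new `setSamlVersion(String version)` does not say which values are accepted, and the matching `SAMLIssuerImpl.setSamlVersion` in the next file has the same gap. The only values this commit shows in use are `"1.1"` (the new field default in `SAMLIssuerImpl`) and `"2.0"` (passed by the new SAML 2 tests), so I would write `@param version the SAML version, "1.1" (the default) or "2.0"` on both declarations, or say explicitly if other strings are accepted. What happens with an unrecognised value is not stated anywhere in the hunk and should be documented once confirmed. The `SAMLIssuer` interface declaration starts before this hunk and continues past it.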
@@ -52,6 +126,12 @@ public interface SAMLIssuer {
public String getIssuerKeyName();
/**
+ * Set the issuer key password
+ * @param issuerKeyPassword the issuerKeyPassword.
+ */
+ public void setIssuerKeyPassword(String issuerKeyPassword);
+
+ /**
* @return Returns the issuerKeyPassword.
*/
public String getIssuerKeyPassword();
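Review bot: `setIssuerKeyPassword(String issuerKeyPassword)` takes the signing-key password as a `String`, which cannot be cleared after use and stays in the heap until collected; the implementation's setter later in this commit stores the reference in a field for the life of the issuer. The pre-existing `getIssuerKeyPassword()` already returns a `String`, so moving the pair to `char[]` would be a wider change than this commit makes. At minimum the Javadoc should state the retention, e.g. `@param issuerKeyPassword the password for the issuer's signing key; the issuer keeps a reference to it until replaced`.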
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLIssuerImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLIssuerImpl.java?rev=1058143&r1=1058142&r2=1058143&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLIssuerImpl.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLIssuerImpl.java Wed Jan 12 13:59:18 2011
@@ -53,15 +53,16 @@ public class SAMLIssuerImpl implements S
private static final Log log = LogFactory.getLog(SAMLIssuerImpl.class.getName());
- private AssertionWrapper sa = null;
-
private Properties properties = null;
+
+ private CallbackHandler callbackHandler = null;
+ private String issuer;
private Crypto issuerCrypto = null;
private String issuerKeyPassword = null;
private String issuerKeyName = null;
- private String samlVersion = null;
+ private String samlVersion = "1.1";
/**
* Flag indicating what format to put the subject's key material in when
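Review bot: `private String issuer;` is the only field in this block without the explicit `= null` initialiser its siblings use, and the new `"1.1"` default for `samlVersion` is a bare literal that callers of `setSamlVersion` and the tests have to match by hand. I would name the default, `private static final String DEFAULT_SAML_VERSION = "1.1";` and `private String samlVersion = DEFAULT_SAML_VERSION;`, and apply the `= null` style (or drop it) consistently across the fields. The class declaration starts before this hunk.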
@@ -104,7 +105,7 @@ public class SAMLIssuerImpl implements S
}
String sendKeyValueProp =
- properties.getProperty("org.apache.ws.security.saml.issuer.sendKeyValue");
+ properties.getProperty("org.apache.ws.security.saml.issuer.sendKeyValue");
if (sendKeyValueProp != null) {
sendKeyValue = Boolean.valueOf(sendKeyValueProp).booleanValue();
}
@@ -115,7 +116,15 @@ public class SAMLIssuerImpl implements S
signAssertion = Boolean.valueOf(signAssertionProp).booleanValue();
}
- samlVersion = properties.getProperty("org.apache.ws.security.saml.version");
+ String samlVersionProp = properties.getProperty("org.apache.ws.security.saml.version");
+ if (samlVersionProp != null) {
+ samlVersion = samlVersionProp;
+ }
+
+ String issuerProp = properties.getProperty("org.apache.ws.security.saml.issuer");
+ if (issuerProp != null) {
+ issuer = issuerProp;
+ }
}
/**
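Review bot: `samlVersionProp` is copied into `samlVersion` without checking that it is a value the issuer supports, so a typo in `org.apache.ws.security.saml.version` is accepted here and, as far as this page shows, only surfaces (if at all) when `newAssertion` builds the assertion. The page shows only `"1.1"` (the field default) and `"2.0"` (the new tests) in use; a check such as `if (!"1.1".equals(samlVersionProp) && !"2.0".equals(samlVersionProp)) { throw new IllegalArgumentException("Unsupported SAML version: " + samlVersionProp); }` fails at configuration time instead. I used an unchecked exception because the enclosing method's signature is outside the hunk and I cannot see whether it declares `WSSecurityException`; the same validation belongs in `setSamlVersion` later in the file.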
@@ -130,29 +139,31 @@ public class SAMLIssuerImpl implements S
+ samlVersion + " token"
);
- String issuer = properties.getProperty("org.apache.ws.security.saml.issuer");
- String samlCallbackClassname =
- properties.getProperty("org.apache.ws.security.saml.callback");
- Class<?> callbackClass = null;
- try {
- callbackClass = Loader.loadClass(samlCallbackClassname);
- } catch (ClassNotFoundException ex) {
- throw new WSSecurityException(ex.getMessage(), ex);
+ if (callbackHandler == null) {
+ try {
+ String samlCallbackClassname =
+ properties.getProperty("org.apache.ws.security.saml.callback");
+ Class<?> callbackClass = null;
+ try {
+ callbackClass = Loader.loadClass(samlCallbackClassname);
+ } catch (ClassNotFoundException ex) {
+ throw new WSSecurityException(ex.getMessage(), ex);
+ }
+ callbackHandler = (CallbackHandler)callbackClass.newInstance();
+ } catch (InstantiationException ex) {
+ throw new WSSecurityException(ex.getMessage(), ex);
+ } catch (IllegalAccessException ex) {
+ throw new WSSecurityException(ex.getMessage(), ex);
+ }
}
-
+
// Create a new SAMLParms with all of the information from the properties file.
SAMLParms samlParms = new SAMLParms();
samlParms.setIssuer(issuer);
samlParms.setSamlVersion(samlVersion);
- try {
- samlParms.setCallbackHandler((CallbackHandler)callbackClass.newInstance());
- } catch (InstantiationException ex) {
- throw new WSSecurityException(ex.getMessage(), ex);
- } catch (IllegalAccessException ex) {
- throw new WSSecurityException(ex.getMessage(), ex);
- }
+ samlParms.setCallbackHandler(callbackHandler);
- sa = new AssertionWrapper(samlParms);
+ AssertionWrapper sa = new AssertionWrapper(samlParms);
if (signAssertion) {
//
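Review bot: The new `if (callbackHandler == null)` branch dereferences `properties` without checking it, and `properties` is initialised to `null` in this class, so an issuer created with `new SAMLIssuerImpl()` (as the new tests do) whose caller forgets `setCallbackHandler` fails with a `NullPointerException` rather than a `WSSecurityException` naming the missing configuration, and a properties file lacking `org.apache.ws.security.saml.callback` reaches `Loader.loadClass` with a null name. A guard before the class-loading block, `if (properties == null || properties.getProperty("org.apache.ws.security.saml.callback") == null) { throw new WSSecurityException("No CallbackHandler configured for SAMLIssuerImpl"); }`, gives the caller a usable error; I am assuming the single-argument `WSSecurityException(String)` constructor exists, otherwise use the two-argument form already used in this hunk. Note also that `(CallbackHandler)callbackClass.newInstance()` is not covered by any of the catches, so a configured class that loads but does not implement `CallbackHandler` surfaces as a `ClassCastException`. The `newAssertion` method starts before this hunk and continues after it.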
@@ -215,18 +226,122 @@ public class SAMLIssuerImpl implements S
}
/**
+ * Set whether to send the key value or whether to include the entire cert.
+ * @param sendKeyValue whether to send the key value.
+ */
+ public void setSendKeyValue(boolean sendKeyValue) {
+ this.sendKeyValue = sendKeyValue;
+ }
+
+ /**
+ * Get whether to send the key value or whether to include the entire cert.
+ * @return whether to send the key value
+ */
+ public boolean isSendKeyValue() {
+ return sendKeyValue;
+ }
+
+ /**
+ * Set whether to sign the assertion or not.
+ * @param signAssertion whether to sign the assertion or not.
+ */
+ public void setSignAssertion(boolean signAssertion) {
+ this.signAssertion = signAssertion;
+ }
+
+ /**
+ * Get whether to sign the assertion or not
+ * @return whether to sign the assertion or not
+ */
+ public boolean isSignAssertion() {
+ return signAssertion;
+ }
+
+ /**
+ * Set the SAML version
+ * @param version the SAML version
+ */
+ public void setSamlVersion(String version) {
+ samlVersion = version;
+ }
+
+ /**
+ * Get the SAML version
+ * @return the SAML version
+ */
+ public String getSamlVersion() {
+ return samlVersion;
+ }
+
+ /**
+ * Set the CallbackHandler to use
+ * @param callbackHandler the CallbackHandler to use
+ */
+ public void setCallbackHandler(CallbackHandler callbackHandler) {
+ this.callbackHandler = callbackHandler;
+ }
+
+ /**
+ * Get the CallbackHandler in use
+ * @return the CallbackHandler in use
+ */
+ public CallbackHandler getCallbackHandler() {
+ return callbackHandler;
+ }
+
+ /**
+ * Set the issuer crypto
+ * @param issuerCrypto the issuer crypto
+ */
+ public void setIssuerCrypto(Crypto issuerCrypto) {
+ this.issuerCrypto = issuerCrypto;
+ }
+
+ /**
* @return Returns the issuerCrypto.
*/
public Crypto getIssuerCrypto() {
return issuerCrypto;
}
+
+ /**
+ * Set the issuer name
+ * @param issuer the issuer name
+ */
+ public void setIssuerName(String issuer) {
+ this.issuer = issuer;
+ }
+
+ /**
+ * Get the issuer name
+ * @return the issuer name
+ */
+ public String getIssuerName() {
+ return issuer;
+ }
/**
+ * Set the issuer key name
+ * @param issuerKeyName the issuer key name
+ */
+ public void setIssuerKeyName(String issuerKeyName) {
+ this.issuerKeyName = issuerKeyName;
+ }
+
+ /**
* @return Returns the issuerKeyName.
*/
public String getIssuerKeyName() {
return issuerKeyName;
}
+
+ /**
+ * Set the issuer key password
+ * @param issuerKeyPassword the issuerKeyPassword.
+ */
+ public void setIssuerKeyPassword(String issuerKeyPassword) {
+ this.issuerKeyPassword = issuerKeyPassword;
+ }
/**
* @return Returns the issuerKeyPassword.
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1Constants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1Constants.java?rev=1058143&r1=1058142&r2=1058143&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1Constants.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1Constants.java Wed Jan 12 13:59:18 2011
@@ -51,17 +51,20 @@ public class SAML1Constants {
/**
* Assertion Bearer Confirmation Method Identifier
*/
- public final static String CONF_BEARER = "urn:oasis:names:tc:SAML:1.0:cm:bearer";
+ public final static String CONF_BEARER =
+ "urn:oasis:names:tc:SAML:1.0:cm:bearer";
/**
* Holder of Key Confirmation Method Identifier
*/
- public final static String CONF_HOLDER_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
+ public final static String CONF_HOLDER_KEY =
+ "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
/**
* Sender Vouches Confirmation Method Identifier
*/
- public final static String CONF_SENDER_VOUCHES = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";
+ public final static String CONF_SENDER_VOUCHES =
+ "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";
//
// AUTH METHOD
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2Constants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2Constants.java?rev=1058143&r1=1058142&r2=1058143&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2Constants.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2Constants.java Wed Jan 12 13:59:18 2011
@@ -59,15 +59,15 @@ public class SAML2Constants {
// SUBJECT CONFIRMATION
//
- public static final String SBJ_CONFIRMATION_HOLDER_OF_KEY =
+ public static final String CONF_BEARER =
+ "urn:oasis:names:tc:SAML:2.0:cm:bearer";
+
+ public static final String CONF_HOLDER_KEY =
"urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
- public static final String SBJ_CONFIRMATION_SENDER_VOUCHES =
+ public static final String CONF_SENDER_VOUCHES =
"urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";
- public static final String SBJ_CONFIRMATION_BEARER =
- "urn:oasis:names:tc:SAML:2.0:cm:bearer";
-
//
// AUTH CONTEXT CLASS REF
//
Copied: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1CallbackHandler.java (from r1058087, webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1AuthnSVHandler.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1CallbackHandler.java?p2=webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1CallbackHandler.java&p1=webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1AuthnSVHandler.java&r1=1058087&r2=1058143&rev=1058143&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1AuthnSVHandler.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML1CallbackHandler.java Wed Jan 12 13:59:18 2011
@@ -20,7 +20,11 @@
package org.apache.ws.security.common;
import org.apache.ws.security.saml.ext.SAMLCallback;
+import org.apache.ws.security.saml.ext.bean.ActionBean;
+import org.apache.ws.security.saml.ext.bean.AttributeBean;
+import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
+import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
import org.apache.ws.security.saml.ext.bean.SubjectBean;
import org.apache.ws.security.saml.ext.builder.SAML1Constants;
@@ -31,15 +35,21 @@ import java.io.IOException;
import java.util.Collections;
/**
- * A Callback Handler implementation for a SAML 1.1 authentication assertion using
- * Sender Vouches.
+ * A Callback Handler implementation for a SAML 1.1 assertion. By default it creates an
+ * authentication assertion using Sender Vouches.
*/
-public class SAML1AuthnSVHandler implements CallbackHandler {
+public class SAML1CallbackHandler implements CallbackHandler {
+
+ public enum Statement {
+ AUTHN, ATTR, AUTHZ
+ };
private String subjectName = "uid=joe,ou=people,ou=saml-demo,o=example.com";
private String subjectQualifier = "www.example.com";
+ private String confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
+ private Statement statement = Statement.AUTHN;
- public SAML1AuthnSVHandler() {
+ public SAML1CallbackHandler() {
}
public void handle(Callback[] callbacks)
@@ -49,15 +59,46 @@ public class SAML1AuthnSVHandler impleme
SAMLCallback callback = (SAMLCallback) callbacks[i];
SubjectBean subjectBean =
new SubjectBean(
- subjectName, subjectQualifier, SAML1Constants.CONF_SENDER_VOUCHES
+ subjectName, subjectQualifier, confirmationMethod
);
- AuthenticationStatementBean authBean = new AuthenticationStatementBean();
- authBean.setSubject(subjectBean);
- authBean.setAuthenticationMethod("Password");
- callback.setAuthenticationStatementData(Collections.singletonList(authBean));
+ createAndSetStatement(subjectBean, callback);
} else {
throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
}
}
}
+
+ public void setConfirmationMethod(String confMethod) {
+ confirmationMethod = confMethod;
+ }
+
+ public void setStatement(Statement statement) {
+ this.statement = statement;
+ }
+
+ private void createAndSetStatement(SubjectBean subjectBean, SAMLCallback callback) {
+ if (statement == Statement.AUTHN) {
+ AuthenticationStatementBean authBean = new AuthenticationStatementBean();
+ authBean.setSubject(subjectBean);
+ authBean.setAuthenticationMethod("Password");
+ callback.setAuthenticationStatementData(Collections.singletonList(authBean));
+ } else if (statement == Statement.ATTR) {
+ AttributeStatementBean attrBean = new AttributeStatementBean();
+ attrBean.setSubject(subjectBean);
+ AttributeBean attributeBean = new AttributeBean();
+ attributeBean.setSimpleName("role");
+ attributeBean.setAttributeValues(Collections.singletonList("user"));
+ attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
+ callback.setAttributeStatementData(Collections.singletonList(attrBean));
+ } else {
+ AuthDecisionStatementBean authzBean = new AuthDecisionStatementBean();
+ authzBean.setSubject(subjectBean);
+ ActionBean actionBean = new ActionBean();
+ actionBean.setContents("Read");
+ authzBean.setActions(Collections.singletonList(actionBean));
+ authzBean.setResource("endpoint");
+ authzBean.setDecision(AuthDecisionStatementBean.Decision.PERMIT);
+ callback.setAuthDecisionStatementData(Collections.singletonList(authzBean));
+ }
+ }
}
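Review bot: In `createAndSetStatement` the final `else` builds an authorization-decision statement for any value that is not `AUTHN` or `ATTR`, so a `null` statement (which `setStatement` does not reject) silently produces an AuthZ statement instead of failing; `SAML2CallbackHandler.createAndSetStatement` in the next file has the same shape. Since `Statement` is an enum, a `switch (statement)` with the three cases and a `default` that throws `IllegalStateException` makes the intent explicit, or change the branch to `else if (statement == Statement.AUTHZ)` and throw on fall-through. This is test support code, so a clear failure is preferable to a statement the test did not ask for. The enclosing `handle` method starts in the previous hunk.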
Added: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java?rev=1058143&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java (added)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/SAML2CallbackHandler.java Wed Jan 12 13:59:18 2011
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.common;
+
+import org.apache.ws.security.saml.ext.SAMLCallback;
+import org.apache.ws.security.saml.ext.bean.ActionBean;
+import org.apache.ws.security.saml.ext.bean.AttributeBean;
+import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
+import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
+import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
+import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+import java.util.Collections;
+
+/**
+ * A Callback Handler implementation for a SAML 2 assertion. By default it creates an
+ * authentication assertion using Sender Vouches.
+ */
+public class SAML2CallbackHandler implements CallbackHandler {
+
+ public enum Statement {
+ AUTHN, ATTR, AUTHZ
+ };
+
+ private String subjectName = "uid=joe,ou=people,ou=saml-demo,o=example.com";
+ private String subjectQualifier = "www.example.com";
+ private String confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES;
+ private Statement statement = Statement.AUTHN;
+
+ public SAML2CallbackHandler() {
+ }
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof SAMLCallback) {
+ SAMLCallback callback = (SAMLCallback) callbacks[i];
+ SubjectBean subjectBean =
+ new SubjectBean(
+ subjectName, subjectQualifier, confirmationMethod
+ );
+ callback.setSubject(subjectBean);
+ createAndSetStatement(subjectBean, callback);
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+
+ public void setConfirmationMethod(String confMethod) {
+ confirmationMethod = confMethod;
+ }
+
+ public void setStatement(Statement statement) {
+ this.statement = statement;
+ }
+
+ private void createAndSetStatement(SubjectBean subjectBean, SAMLCallback callback) {
+ if (statement == Statement.AUTHN) {
+ AuthenticationStatementBean authBean = new AuthenticationStatementBean();
+ authBean.setAuthenticationMethod("Password");
+ callback.setAuthenticationStatementData(Collections.singletonList(authBean));
+ } else if (statement == Statement.ATTR) {
+ AttributeStatementBean attrBean = new AttributeStatementBean();
+ AttributeBean attributeBean = new AttributeBean();
+ attributeBean.setSimpleName("role");
+ attributeBean.setAttributeValues(Collections.singletonList("user"));
+ attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
+ callback.setAttributeStatementData(Collections.singletonList(attrBean));
+ } else {
+ AuthDecisionStatementBean authzBean = new AuthDecisionStatementBean();
+ ActionBean actionBean = new ActionBean();
+ actionBean.setContents("Read");
+ authzBean.setActions(Collections.singletonList(actionBean));
+ authzBean.setResource("endpoint");
+ authzBean.setDecision(AuthDecisionStatementBean.Decision.PERMIT);
+ callback.setAuthDecisionStatementData(Collections.singletonList(authzBean));
+ }
+ }
+}
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java?rev=1058143&r1=1058142&r2=1058143&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlReferenceTest.java Wed Jan 12 13:59:18 2011
@@ -122,20 +122,17 @@ public class SamlReferenceTest extends o
SAMLIssuer saml = SAMLIssuerFactory.getInstance("saml_sv.properties");
AssertionWrapper assertion = saml.newAssertion();
- String issuerKeyName = saml.getIssuerKeyName();
- String issuerKeyPW = saml.getIssuerKeyPassword();
- Crypto issuerCrypto = saml.getIssuerCrypto();
+ Crypto crypto = CryptoFactory.getInstance("crypto.properties");
WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
wsSign.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
Document samlDoc =
- wsSign.build(doc, null, assertion, issuerCrypto,
- issuerKeyName, issuerKeyPW, secHeader
+ wsSign.build(doc, null, assertion, crypto,
+ "16c73ab6-b892-458f-abf5-2f875f74882e", "security", secHeader
);
WSSecEncrypt builder = new WSSecEncrypt();
builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e");
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
- Crypto crypto = CryptoFactory.getInstance("crypto.properties");
Document encryptedDoc = builder.build(samlDoc, crypto, secHeader);
//
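Review bot: The `wsSign.build(...)` call now inlines the keystore alias `"16c73ab6-b892-458f-abf5-2f875f74882e"` and the password `"security"` where it previously read them from the issuer, and the same alias literal is repeated three lines later in `builder.setUserInfo(...)` and again in `SignedSamlTokenTest` in this commit. Test-fixture credentials are fine to hard-code, but a repeated literal should be a named constant so a keystore change is a one-line edit, e.g. `private static final String ISSUER_ALIAS = "16c73ab6-b892-458f-abf5-2f875f74882e";`. The enclosing test method starts before this hunk.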
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java?rev=1058143&r1=1058142&r2=1058143&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java Wed Jan 12 13:59:18 2011
@@ -19,19 +19,22 @@
package org.apache.ws.security.saml;
-import org.apache.ws.security.saml.SAMLIssuerFactory;
-import org.apache.ws.security.saml.SAMLIssuer;
-import org.apache.ws.security.util.WSSecurityUtil;
-
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.common.SAML1CallbackHandler;
+import org.apache.ws.security.common.SAML2CallbackHandler;
import org.apache.ws.security.common.SOAPUtil;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSAMLToken;
+import org.apache.ws.security.saml.SAMLIssuerFactory;
+import org.apache.ws.security.saml.SAMLIssuer;
import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.util.WSSecurityUtil;
+
import org.w3c.dom.Document;
import java.util.List;
@@ -46,12 +49,225 @@ public class SamlTokenTest extends org.j
private WSSecurityEngine secEngine = new WSSecurityEngine();
/**
- * Test that creates, sends and processes an unsigned SAML assertion.
+ * Test that creates, sends and processes an unsigned SAML 1.1 authentication assertion.
*/
@org.junit.Test
- public void testSAMLUnsignedSenderVouches() throws Exception {
+ public void testSAML1AuthnAssertion() throws Exception {
+ SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+ callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+ SAMLIssuer saml = new SAMLIssuerImpl();
+ saml.setIssuerName("www.example.com");
+ saml.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = saml.newAssertion();
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+ LOG.debug(outputString);
+ }
+
+ List<WSSecurityEngineResult> results = verify(unsignedDoc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+ AssertionWrapper receivedAssertion =
+ (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(receivedAssertion != null);
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 1 authentication assertion, where
+ * the configuration is loaded from a properties file
+ */
+ @org.junit.Test
+ public void testSAML1AuthnAssertionFromProperties() throws Exception {
SAMLIssuer saml = SAMLIssuerFactory.getInstance("saml_sv.properties");
+ AssertionWrapper assertion = saml.newAssertion();
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+ LOG.debug(outputString);
+ }
+
+ List<WSSecurityEngineResult> results = verify(unsignedDoc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+ AssertionWrapper receivedAssertion =
+ (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(receivedAssertion != null);
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 1.1 attribute assertion.
+ */
+ @org.junit.Test
+ public void testSAML1AttrAssertion() throws Exception {
+ SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+ callbackHandler.setStatement(SAML1CallbackHandler.Statement.ATTR);
+ SAMLIssuer saml = new SAMLIssuerImpl();
+ saml.setIssuerName("www.example.com");
+ saml.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = saml.newAssertion();
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SAML 1.1 Attr Assertion (sender vouches):");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+ LOG.debug(outputString);
+ }
+
+ List<WSSecurityEngineResult> results = verify(unsignedDoc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+ AssertionWrapper receivedAssertion =
+ (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(receivedAssertion != null);
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 1.1 authorization assertion.
+ */
+ @org.junit.Test
+ public void testSAML1AuthzAssertion() throws Exception {
+ SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+ callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHZ);
+ SAMLIssuer saml = new SAMLIssuerImpl();
+ saml.setIssuerName("www.example.com");
+ saml.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = saml.newAssertion();
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SAML 1.1 Authz Assertion (sender vouches):");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+ LOG.debug(outputString);
+ }
+
+ List<WSSecurityEngineResult> results = verify(unsignedDoc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+ AssertionWrapper receivedAssertion =
+ (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(receivedAssertion != null);
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 2 authentication assertion.
+ */
+ @org.junit.Test
+ public void testSAML2AuthnAssertion() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ SAMLIssuer saml = new SAMLIssuerImpl();
+ saml.setSamlVersion("2.0");
+ saml.setIssuerName("www.example.com");
+ saml.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = saml.newAssertion();
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SAML 2 Authn Assertion (sender vouches):");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+ LOG.debug(outputString);
+ }
+
+ List<WSSecurityEngineResult> results = verify(unsignedDoc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+ AssertionWrapper receivedAssertion =
+ (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(receivedAssertion != null);
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 2 attribute assertion.
+ */
+ @org.junit.Test
+ public void testSAML2AttrAssertion() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+ SAMLIssuer saml = new SAMLIssuerImpl();
+ saml.setSamlVersion("2.0");
+ saml.setIssuerName("www.example.com");
+ saml.setCallbackHandler(callbackHandler);
+ AssertionWrapper assertion = saml.newAssertion();
+
+ WSSecSAMLToken wsSign = new WSSecSAMLToken();
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SAML 2 Attr Assertion (sender vouches):");
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
+ LOG.debug(outputString);
+ }
+
+ List<WSSecurityEngineResult> results = verify(unsignedDoc);
+ WSSecurityEngineResult actionResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+ AssertionWrapper receivedAssertion =
+ (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(receivedAssertion != null);
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 2 authorization assertion.
+ */
+ @org.junit.Test
+ public void testSAML2AuthzAssertion() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHZ);
+ SAMLIssuer saml = new SAMLIssuerImpl();
+ saml.setSamlVersion("2.0");
+ saml.setIssuerName("www.example.com");
+ saml.setCallbackHandler(callbackHandler);
AssertionWrapper assertion = saml.newAssertion();
WSSecSAMLToken wsSign = new WSSecSAMLToken();
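Review bot: Each of the six new tests ends with only `assertTrue(receivedAssertion != null)`, so `testSAML1AttrAssertion`, `testSAML1AuthzAssertion` and their SAML 2 counterparts would still pass if the handler produced an authentication statement or the issuer ignored `setSamlVersion("2.0")`; the received assertion's version and statement type should be asserted as well, through whatever accessors `AssertionWrapper` exposes (its API is not on this page). The same build/insert/verify scaffolding is repeated six times, which is part of why the assertions stay thin; pulling it into a helper that returns the received `AssertionWrapper` leaves each test free to make its specific check. `testSAML2AuthzAssertion` continues into the next hunk. A sketch of the helper, with the first test rewritten on top of it, follows.
```java
    /**
     * Builds an unsigned SAML token from the issuer, inserts it into a fresh SOAP
     * message, runs it through the security engine and returns the received assertion.
     */
    private AssertionWrapper buildAndVerify(SAMLIssuer saml, String debugLabel) throws Exception {
        AssertionWrapper assertion = saml.newAssertion();
        WSSecSAMLToken wsSign = new WSSecSAMLToken();
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug(debugLabel);
            LOG.debug(org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc));
        }
        List<WSSecurityEngineResult> results = verify(unsignedDoc);
        WSSecurityEngineResult actionResult =
            WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
        return (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    }

    @org.junit.Test
    public void testSAML1AuthnAssertion() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
        SAMLIssuer saml = new SAMLIssuerImpl();
        saml.setIssuerName("www.example.com");
        saml.setCallbackHandler(callbackHandler);

        AssertionWrapper receivedAssertion =
            buildAndVerify(saml, "SAML 1.1 Authn Assertion (sender vouches):");
        assertTrue(receivedAssertion != null);
        // TODO: also assert the received assertion is SAML 1.1 and carries an
        // AuthenticationStatement, using the AssertionWrapper accessors.
    }
    // … unchanged: the other five tests, rewritten the same way …
```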
@@ -59,13 +275,11 @@ public class SamlTokenTest extends org.j
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
- LOG.info("Before SAMLUnsignedSenderVouches....");
Document unsignedDoc = wsSign.build(doc, assertion, secHeader);
- LOG.info("After SAMLUnsignedSenderVouches....");
if (LOG.isDebugEnabled()) {
- LOG.debug("Unsigned SAML message (sender vouches):");
+ LOG.debug("SAML 2 Authz Assertion (sender vouches):");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc);
LOG.debug(outputString);
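Review bot: The part of testSAML2AuthzAssertion that inspects the processed message lies past the end of this hunk, and the sibling testSAML2AttrAssertion above finishes with only `assertTrue(receivedAssertion != null);`, so presumably this test does the same. For a test named after an authorization-decision statement that is a weak check: it would pass for any assertion the engine returns, regardless of version or statement type. Prefer `assertNotNull(receivedAssertion);` and add an assertion that the received wrapper holds a SAML 2 assertion carrying the statement type the callback handler was configured with (`Statement.AUTHZ`), so a regression in SAML2CallbackHandler or SAMLIssuerImpl is caught rather than logged. The same applies to the authn and attr tests added in the preceding hunk.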
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SignedSamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SignedSamlTokenTest.java?rev=1058143&r1=1058142&r2=1058143&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SignedSamlTokenTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SignedSamlTokenTest.java Wed Jan 12 13:59:18 2011
@@ -64,12 +64,8 @@ public class SignedSamlTokenTest extends
@org.junit.Test
public void testSAMLSignedSenderVouches() throws Exception {
SAMLIssuer saml = SAMLIssuerFactory.getInstance("saml_sv.properties");
-
AssertionWrapper assertion = saml.newAssertion();
- String issuerKeyName = saml.getIssuerKeyName();
- String issuerKeyPW = saml.getIssuerKeyPassword();
- Crypto issuerCrypto = saml.getIssuerCrypto();
WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
@@ -81,7 +77,10 @@ public class SignedSamlTokenTest extends
secHeader.insertSecurityHeader(doc);
Document signedDoc =
- wsSign.build(doc, null, assertion, issuerCrypto, issuerKeyName, issuerKeyPW, secHeader);
+ wsSign.build(
+ doc, null, assertion, crypto, "16c73ab6-b892-458f-abf5-2f875f74882e",
+ "security", secHeader
+ );
LOG.info("After SAMLSignedSenderVouches....");
if (LOG.isDebugEnabled()) {
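Review bot: The key alias `"16c73ab6-b892-458f-abf5-2f875f74882e"` and keystore password `"security"` are inlined as string literals in this build call and repeated verbatim in the hunks for testSAMLSignedSenderVouchesKeyIdentifier, testDefaultIssuerClass and testWSS62; hoist them once on the test class, e.g. `private static final String ISSUER_KEY_NAME = "16c73ab6-b892-458f-abf5-2f875f74882e";` and `private static final String ISSUER_KEY_PASSWORD = "security";`, so a keystore change updates all four tests together (these values were previously read from saml_sv.properties, which this commit strips them from). The `crypto` argument that replaces `issuerCrypto` is not declared anywhere in the hunk, so it is presumably a class-level field; a one-line comment on that field noting it now stands in for the issuer's crypto, since the SAMLIssuer no longer supplies one, would help the next reader. testSAMLSignedSenderVouches's body continues beyond this hunk.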
@@ -107,12 +106,8 @@ public class SignedSamlTokenTest extends
@org.junit.Test
public void testSAMLSignedSenderVouchesKeyIdentifier() throws Exception {
SAMLIssuer saml = SAMLIssuerFactory.getInstance("saml_sv.properties");
-
AssertionWrapper assertion = saml.newAssertion();
- String issuerKeyName = saml.getIssuerKeyName();
- String issuerKeyPW = saml.getIssuerKeyPassword();
- Crypto issuerCrypto = saml.getIssuerCrypto();
WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
wsSign.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
@@ -124,7 +119,10 @@ public class SignedSamlTokenTest extends
secHeader.insertSecurityHeader(doc);
Document signedDoc =
- wsSign.build(doc, null, assertion, issuerCrypto, issuerKeyName, issuerKeyPW, secHeader);
+ wsSign.build(
+ doc, null, assertion, crypto, "16c73ab6-b892-458f-abf5-2f875f74882e",
+ "security", secHeader
+ );
LOG.info("After SAMLSignedSenderVouches....");
if (LOG.isDebugEnabled()) {
@@ -152,12 +150,8 @@ public class SignedSamlTokenTest extends
@org.junit.Test
public void testDefaultIssuerClass() throws Exception {
SAMLIssuer saml = SAMLIssuerFactory.getInstance("saml_sv_noissuer.properties");
-
AssertionWrapper assertion = saml.newAssertion();
- String issuerKeyName = saml.getIssuerKeyName();
- String issuerKeyPW = saml.getIssuerKeyPassword();
- Crypto issuerCrypto = saml.getIssuerCrypto();
WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
@@ -168,7 +162,11 @@ public class SignedSamlTokenTest extends
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
- Document signedDoc = wsSign.build(doc, null, assertion, issuerCrypto, issuerKeyName, issuerKeyPW, secHeader);
+ Document signedDoc =
+ wsSign.build(
+ doc, null, assertion, crypto, "16c73ab6-b892-458f-abf5-2f875f74882e",
+ "security", secHeader
+ );
LOG.info("After SAMLSignedSenderVouches....");
if (LOG.isDebugEnabled()) {
@@ -196,12 +194,8 @@ public class SignedSamlTokenTest extends
@org.junit.Test
public void testWSS62() throws Exception {
SAMLIssuer saml = SAMLIssuerFactory.getInstance("saml_sv.properties");
-
AssertionWrapper assertion = saml.newAssertion();
- String issuerKeyName = saml.getIssuerKeyName();
- String issuerKeyPW = saml.getIssuerKeyPassword();
- Crypto issuerCrypto = saml.getIssuerCrypto();
WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
@@ -211,8 +205,10 @@ public class SignedSamlTokenTest extends
secHeader.insertSecurityHeader(doc);
Document signedDoc =
- wsSign.build(doc, null, assertion, issuerCrypto, issuerKeyName, issuerKeyPW, secHeader);
-
+ wsSign.build(
+ doc, null, assertion, crypto, "16c73ab6-b892-458f-abf5-2f875f74882e",
+ "security", secHeader
+ );
//
// Now verify it but first call Handler#doReceiverAction
//
Modified: webservices/wss4j/trunk/src/test/resources/saml_sv.properties
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/resources/saml_sv.properties?rev=1058143&r1=1058142&r2=1058143&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/resources/saml_sv.properties (original)
+++ webservices/wss4j/trunk/src/test/resources/saml_sv.properties Wed Jan 12 13:59:18 2011
@@ -1,7 +1,4 @@
org.apache.ws.security.saml.issuerClass=org.apache.ws.security.saml.SAMLIssuerImpl
-org.apache.ws.security.saml.issuer.cryptoProp.file=crypto.properties
-org.apache.ws.security.saml.issuer.key.name=16c73ab6-b892-458f-abf5-2f875f74882e
-org.apache.ws.security.saml.issuer.key.password=security
org.apache.ws.security.saml.issuer=www.example.com
org.apache.ws.security.saml.version=1.1
-org.apache.ws.security.saml.callback=org.apache.ws.security.common.SAML1AuthnSVHandler
+org.apache.ws.security.saml.callback=org.apache.ws.security.common.SAML1CallbackHandler
Modified: webservices/wss4j/trunk/src/test/resources/saml_sv_noissuer.properties
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/resources/saml_sv_noissuer.properties?rev=1058143&r1=1058142&r2=1058143&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/resources/saml_sv_noissuer.properties (original)
+++ webservices/wss4j/trunk/src/test/resources/saml_sv_noissuer.properties Wed Jan 12 13:59:18 2011
@@ -1,6 +1,3 @@
-org.apache.ws.security.saml.issuer.cryptoProp.file=crypto.properties
-org.apache.ws.security.saml.issuer.key.name=16c73ab6-b892-458f-abf5-2f875f74882e
-org.apache.ws.security.saml.issuer.key.password=security
org.apache.ws.security.saml.issuer=www.example.com
org.apache.ws.security.saml.version=1.1
-org.apache.ws.security.saml.callback=org.apache.ws.security.common.SAML1AuthnSVHandler
+org.apache.ws.security.saml.callback=org.apache.ws.security.common.SAML1CallbackHandler